Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/43vQaaliOOdSq17ShUeLI48zIXQ.roa
File: 43vQaaliOOdSq17ShUeLI48zIXQ.roa (raw, json)
Hash identifier: BV0yeE5I+GPuwHiDMOn3dL9EAk3+5o3uUQzU52vXQSw=
Subject key identifier: E3:7B:D0:69:A9:62:38:E7:52:AB:5E:D2:85:47:8B:23:8F:33:21:74
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 33BA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/43vQaaliOOdSq17ShUeLI48zIXQ.roa
Signing time: Thu 28 Mar 2024 13:22:03 +0000
ROA not before: Thu 28 Mar 2024 13:22:03 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13242 (0x33ba)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 28 13:22:03 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E37BD069A96238E752AB5ED285478B238F332174
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:ef:78:76:7e:ae:9c:32:58:45:95:15:d4:4c:
a6:32:e7:ca:c1:57:6d:90:52:0f:49:b5:0d:e8:e4:
c1:a7:cf:6d:aa:39:f3:99:c3:70:68:2e:91:38:84:
a8:64:6e:90:b6:43:a8:3f:b5:fc:42:15:26:87:19:
4e:74:8e:af:a5:81:fd:9a:ae:12:36:4c:93:a0:44:
79:a6:fa:e9:4e:c7:47:18:6e:93:db:3d:27:31:5f:
7e:f3:c3:11:b6:f4:1e:32:93:06:34:9e:e5:a2:af:
fd:12:e2:18:7f:d0:61:80:2a:d7:97:b6:25:99:5d:
17:1c:58:c8:d5:ec:53:21:37:70:e3:b4:13:1c:d5:
8c:45:19:b2:d2:55:ec:ff:46:3f:53:29:41:f4:1d:
8d:cc:5f:4a:16:66:da:49:28:9f:bb:5a:95:9e:7e:
f8:d4:ad:d1:ef:2e:4a:a2:75:9c:2d:d3:f7:db:03:
35:69:1a:80:7f:72:e5:f2:90:53:9e:4b:23:f2:38:
95:7e:4d:3c:c3:85:dd:42:c4:21:49:28:e0:fe:f0:
06:74:d0:8b:80:11:ee:f2:59:de:ce:d7:e1:d0:4b:
67:1c:bf:13:66:c9:b1:42:6d:b3:f3:1c:2f:65:9a:
20:89:93:2d:46:04:3b:ca:0e:53:55:d1:db:54:de:
43:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:7B:D0:69:A9:62:38:E7:52:AB:5E:D2:85:47:8B:23:8F:33:21:74
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/43vQaaliOOdSq17ShUeLI48zIXQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
3b:8e:df:e5:0d:c8:e3:0d:28:20:36:68:46:1c:ba:70:51:26:
e2:a9:14:86:d5:78:e1:d1:8a:d6:bb:b6:50:00:ed:c9:5a:c8:
39:8a:8a:f4:46:d4:81:90:9f:cd:84:7a:92:1d:86:ce:f5:16:
12:2c:26:da:ed:a8:6d:5d:0e:eb:90:00:0a:8e:43:66:48:55:
89:d3:ac:1d:b6:a2:19:8b:9c:f3:3d:68:85:55:f0:2e:bf:5f:
94:b2:6c:1f:c8:2e:2f:f5:5c:47:0e:00:c7:1b:a5:98:d4:70:
a9:56:2c:02:97:e7:9c:44:60:b7:bc:ec:19:78:31:f5:e6:5d:
c0:96:7a:76:77:e1:c5:c6:74:47:f1:2e:c9:e6:61:27:7b:bd:
c9:b6:eb:72:67:e8:73:7f:9e:07:42:9e:e1:7f:a5:07:39:14:
25:fa:b7:67:a0:63:e9:35:0f:23:ce:78:d8:df:7d:70:fb:97:
cc:74:e4:b0:c1:e4:36:75:98:2b:50:8f:0d:7e:f5:5a:a6:9e:
9e:24:43:4b:83:bf:d8:06:86:2f:e7:42:86:12:bd:af:80:38:
1f:39:f8:50:fb:b8:d5:b3:44:0e:17:95:db:49:06:5a:21:53:
07:1e:09:cf:23:5a:83:b5:95:f6:48:17:ff:1a:d2:a9:8a:48:
5a:a1:c6:f5
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICM7owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjgx
MzIyMDNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEUzN0JEMDY5QTk2MjM4
RTc1MkFCNUVEMjg1NDc4QjIzOEYzMzIxNzQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDM73h2fq6cMlhFlRXUTKYy58rBV22QUg9JtQ3o5MGnz22qOfOZ
w3BoLpE4hKhkbpC2Q6g/tfxCFSaHGU50jq+lgf2arhI2TJOgRHmm+ulOx0cYbpPb
PScxX37zwxG29B4ykwY0nuWir/0S4hh/0GGAKteXtiWZXRccWMjV7FMhN3DjtBMc
1YxFGbLSVez/Rj9TKUH0HY3MX0oWZtpJKJ+7WpWefvjUrdHvLkqidZwt0/fbAzVp
GoB/cuXykFOeSyPyOJV+TTzDhd1CxCFJKOD+8AZ00IuAEe7yWd7O1+HQS2ccvxNm
ybFCbbPzHC9lmiCJky1GBDvKDlNV0dtU3kPLAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQU43vQaaliOOdSq17ShUeLI48zIXQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzQzdlFhYWxpT09kU3Ex
N1NoVWVMSTQ4eklYUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAO47f5Q3I4w0oIDZoRhy6cFEm4qkUhtV4
4dGK1ru2UADtyVrIOYqK9EbUgZCfzYR6kh2GzvUWEiwm2u2obV0O65AACo5DZkhV
idOsHbaiGYuc8z1ohVXwLr9flLJsH8guL/VcRw4AxxulmNRwqVYsApfnnERgt7zs
GXgx9eZdwJZ6dnfhxcZ0R/EuyeZhJ3u9ybbrcmfoc3+eB0Ke4X+lBzkUJfq3Z6Bj
6TUPI8542N99cPuXzHTksMHkNnWYK1CPDX71WqaeniRDS4O/2AaGL+dChhK9r4A4
Hzn4UPu41bNEDheV20kGWiFTBx4JzyNag7WV9kgX/xrSqYpIWqHG9Q==
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:25:03 2025 by rpki-client